BAE Systems: A cyber attack could cost your business £1 million

Following on from Kaspersky Lab's report finding that DDoS attacks can cost large businesses up to £1.2 million, BAE Systems has also released new research highlighting the financial impact of cyber attacks.

The study of 100 business leaders from private sector organisations with over 1,000 employees found that the average cost of a cyber attack was £330,00. It also revealed that, for 10 per cent of businesses, being hit by a cyber attack can cost £1 million.

Furthermore, over 50 per cent of respondents said that they had suffered a cyber attack within the last 12 months and a fifth were not confident in being able to return normal business operations withing 48 hours of an attack taking place.

"The research confirms that cyber security is no longer merely a technical issue, but a challenge for the board," said Julian Cracknell, managing director for UK Services at BAE Systems.

"Businesses need to ensure they have the right people, process and tools in place, so when a major incident occurs they are equipped to understand, contain and remediate. If action isn’t taken immediately, the price of cyber ignorance – for the company and the wider economy – could be severe."

Industry reaction

David Navin, Corporate Security Specialist atSmoothwall:

“It is not surprising that a cyber attack could set one in ten UK businesses back by £1 million, as the repercussions of cyber attacks can have vast consequences on a business. However, it is worrying that a fifth don’t feel that they could return to business as usual within 48 hours of an attack. As it is now incredibly common for companies to find themselves victims of a cyber attack, they need to have a robust strategy for when a breach takes place, as the fall out could cause immense reputational damage to the organisation.

“Security needs to be at the top of every board’s agenda from the CTO to the CEO. They need to be educated to the risks and understand the importance of having strong enterprise grade security measures in place, beginning with firewalls, encryption and good security software. Security needs to be taken seriously at all points of the organisation, to ensure that all employees understand the risks of their actions and know the security processes in place should an incident occur, in order to mitigate the risks in the event of a breach.”

Jamie Gallagher, General Manager atRelianceACSN:

“Unfortunately, too many companies spend enormous amounts purchasing specialist security tools that are fantastic at securing an organisation from that one particular threat, but ultimately approaching security infrastructure in silos still leaves them exposed. Many organisations are not able to identify their critical data, which is what needs to be protected.

“Governments and businesses typically respond to breaches with quite short-term and insular thinking, really only making their network more secure than the organisation next door. This doesn’t solve the problem, because as long as it is cost effective for hackers to continue operating, they will innovate and find the exposed parts of an organisation’s network.”

Stephen Love, Security Practise Lead – EMEA, Insight:

“The fact that a cyber attack could cost one in ten UK businesses one million pounds is not all that surprising. Almost daily we hear about another cyber-attack in the news and the devastation it has caused the organisation.

However, what’s potentially more worrying is that the study found one fifth of businesses were not confident that they could return to business as usual within 48 hours of an attack. In short, this means they are not prepared for the inevitable. The industry is consistently warning against the risks of leaving a business unprepared and unprotected, yet BAE’s research shows that a large portion of the UK’s corporate landscape aren’t adhering.

"There is no excuse for this. There are numerous tools and services that can help any business of any size to not only bolster their cyber-security, but can help reduce the fallout – both reputational and financial – if they were to be attacked. And with the EU General Data Protection Regulation only two years from implementation, planning ahead is the a vital course of action for any business.”